Last updated: 2 May 2026
This DPA forms part of the Terms between SOLR AI Limited ("Processor") and the partner organisation ("Controller") using Enerwise Commercial. It complies with UK GDPR Article 28 and the EU Standard Contractual Clauses (UK IDTA).
The Processor processes personal data on behalf of the Controller solely to deliver the Enerwise Commercial service for the duration of the agreement plus the retention periods set out in our Privacy Policy.
Hosting, querying, processing and presentation of property energy assessments, leads and partner workflow data.
The current list is published at /subprocessors. The Controller is given at least 30 days’ notice of any addition or replacement and may object on reasonable grounds.
The Processor implements: encryption at rest and in transit (TLS 1.2+), Cloudflare WAF and DDoS, RLS at the database, role-based access, MFA, audited least-privilege secret management (GCP Secret Manager), Sentry with PII scrubbing, daily backups (eu-west), and incident response within ICO 72-hour windows.
Primary processing in UK / EEA. Cross-border transfers rely on the UK IDTA to the EU SCCs. Sub-processor list documents transfer mechanisms per provider.
Annual SOC 2 / ISO 27001 evidence on request. The Processor assists the Controller with DSARs, breach reporting, DPIAs and ICO inquiries within statutory time limits.
On termination, personal data is deleted within 30 days unless retention is required by law. Backups expire on the standard rolling schedule.
Liability under this DPA is governed by the limits in the master Terms.
info@solr.ai